/**
 * BladeX Commercial License Agreement
 * Copyright (c) 2018-2099, https://bladex.cn. All rights reserved.
 * <p>
 * Use of this software is governed by the Commercial License Agreement
 * obtained after purchasing a license from BladeX.
 * <p>
 * 1. This software is for development use only under a valid license
 * from BladeX.
 * <p>
 * 2. Redistribution of this software's source code to any third party
 * without a commercial license is strictly prohibited.
 * <p>
 * 3. Licensees may copyright their own code but cannot use segments
 * from this software for such purposes. Copyright of this software
 * remains with BladeX.
 * <p>
 * Using this software signifies agreement to this License, and the software
 * must not be used for illegal purposes.
 * <p>
 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY. The author is
 * not liable for any claims arising from secondary or illegal development.
 * <p>
 * Author: Chill Zhuang (bladejava@qq.com)
 */
package org.springblade.modules.auth.utils;

import jakarta.servlet.http.HttpServletResponse;
import org.springblade.common.cache.SysCache;
import org.springblade.common.constant.TenantConstant;
import org.springblade.core.launch.constant.TokenConstant;
import org.springblade.core.log.exception.ServiceException;
import org.springblade.core.oauth2.provider.OAuth2Request;
import org.springblade.core.oauth2.service.OAuth2User;
import org.springblade.core.oauth2.service.impl.OAuth2UserDetail;
import org.springblade.core.secure.TokenInfo;
import org.springblade.core.secure.utils.AuthUtil;
import org.springblade.core.secure.utils.SecureUtil;
import org.springblade.core.tenant.BladeTenantProperties;
import org.springblade.core.tool.constant.BladeConstant;
import org.springblade.core.tool.jackson.JsonUtil;
import org.springblade.core.tool.support.Kv;
import org.springblade.core.tool.utils.*;
import org.springblade.modules.system.pojo.entity.Tenant;
import org.springblade.modules.system.pojo.entity.User;
import org.springblade.modules.system.pojo.entity.UserInfo;
import org.springblade.modules.system.pojo.entity.cuser.AgentUser;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * 认证工具类
 *
 * @author Chill
 */
public class TokenUtil {

	public final static String CAPTCHA_HEADER_KEY = "Captcha-Key";
	public final static String CAPTCHA_HEADER_CODE = "Captcha-Code";
	public final static String CAPTCHA_NOT_CORRECT = "验证码不正确";
	public final static String TENANT_HEADER_KEY = "Tenant-Id";
	public final static String DEFAULT_TENANT_ID = "000000";

	public final static String DEFAULT_USER_TYPE = "web";

	public final static String USER_TYPE_HEADER_KEY = "User-Type";

	public final static String LOGIN_USER_TYPE = "app";
	public final static String USER_NOT_FOUND = "用户名或密码错误";
	public final static String USER_HAS_NO_ROLE = "未获得用户的角色信息";
	public final static String USER_HAS_NO_TENANT = "未获得用户的租户信息";
	public final static String USER_HAS_NO_TENANT_PERMISSION = "租户授权已过期,请联系管理员";

	private static BladeTenantProperties tenantProperties;

	/**
	 * Access Token 的默认过期时间（单位：秒）1小时
	 */
	public static final int ACCESS_TOKEN_EXPIRY = 3600;

	/**
	 * 系统用户转换为OAuth2标准用户
	 *
	 * @param userInfo 用户信息
	 * @param request  请求信息
	 * @return OAuth2User
	 */
	public static OAuth2User convertUser(UserInfo userInfo, OAuth2Request request) {
		// 为空则返回null
		if (userInfo == null) {
			return null;
		}
		AgentUser user = userInfo.getAgentUser();
		String userDept = request.getUserDept();
		String userRole = request.getUserRole();
		// 单独指定部门
//		if (Func.isNotEmpty(userDept) && user.getDeptId().contains(userDept)) {
//			user.setDeptId(userDept);
//		}
		// 单独指定角色
//		if (Func.isNotEmpty(userRole) && user.getRoleId().contains(userRole)) {
//			user.setRoleId(userRole);
//			userInfo.setRoles(SysCache.getRoleAliases(userRole));
//		}
		// 构建oauth2所需用户信息
		OAuth2UserDetail userDetail = new OAuth2UserDetail();
		userDetail.setUserId(String.valueOf(user.getId()));
		userDetail.setOauthId(userInfo.getOauthId());
		userDetail.setTenantId(user.getTenantId());
		userDetail.setName(user.getUserName());
		userDetail.setRealName(user.getUserName());
		userDetail.setAccount(user.getAccount());
		userDetail.setPassword(user.getPassword());
//		userDetail.setDeptId(user.getDeptId());
//		userDetail.setPostId(user.getPostId());
//		userDetail.setRoleId(user.getRoleId());
		userDetail.setRoleName(Func.join(userInfo.getRoles()));
		userDetail.setAvatar(user.getWechatAvatarUrl());
		userDetail.setAuthorities(userInfo.getRoles());
		userDetail.setDetail(userInfo.getDetail());
		return userDetail;
	}

	/**
	 * 创建认证token
	 *
	 * @param userInfo 用户信息
	 * @return token
	 */
	public static Kv createAuthInfo(UserInfo userInfo) {
		Kv authInfo = Kv.create();
		AgentUser user = userInfo.getAgentUser();
		//设置jwt参数
		Map<String, Object> param = new HashMap<>(16);
		param.put(TokenConstant.TOKEN_TYPE, TokenConstant.BEARER);
		param.put(TokenConstant.TENANT_ID, user.getTenantId());
		param.put(TokenConstant.USER_ID, Func.toStr(user.getId()));
		param.put(TokenConstant.OAUTH_ID, userInfo.getOauthId());
		param.put(TokenConstant.ACCOUNT, user.getAccount());
		param.put(TokenConstant.USER_NAME, user.getUserName());
		param.put(TokenConstant.NICK_NAME, user.getUserName());
//		param.put(TokenConstant.ROLE_NAME, Func.join(userInfo.getRoles()));
		param.put(TokenConstant.DETAIL, userInfo.getDetail());

		//拼装accessToken
		try {
			//TokenInfo accessToken = SecureUtil.createJWT(param, "audience", "issuser", TokenConstant.ACCESS_TOKEN);
//			TokenInfo accessToken = SecureUtil.createToken(Kv.create().setAll(param), ACCESS_TOKEN_EXPIRY, "audience", "issuser");
			TokenInfo accessToken = SecureUtil.createToken(Kv.create().setAll(param), ACCESS_TOKEN_EXPIRY);
			//返回accessTokenf
			return authInfo.set(TokenConstant.TENANT_ID, user.getTenantId())
					.set(TokenConstant.USER_ID, Func.toStr(user.getId()))
					.set(TokenConstant.OAUTH_ID, userInfo.getOauthId())
					.set(TokenConstant.ACCOUNT, user.getAccount())
					.set(TokenConstant.USER_NAME, user.getAccount())
					.set(TokenConstant.NICK_NAME, user.getAccount())
//				.set(TokenConstant.ROLE_NAME, Func.join(userInfo.getRoles()))
					.set(TokenConstant.AVATAR, Func.toStr(user.getWechatAvatarUrl(), TokenConstant.DEFAULT_AVATAR))
					.set(TokenConstant.ACCESS_TOKEN, accessToken.getToken())
					.set(TokenConstant.REFRESH_TOKEN, createRefreshToken(userInfo).getToken())
					.set(TokenConstant.TOKEN_TYPE, TokenConstant.BEARER)
					.set(TokenConstant.EXPIRES_IN, accessToken.getExpire())
					.set(TokenConstant.DETAIL, userInfo.getDetail())
					.set(TokenConstant.LICENSE, TokenConstant.LICENSE_NAME);
		} catch (Exception ex) {
			return authInfo.set("error_code", HttpServletResponse.SC_UNAUTHORIZED).set("error_description", ex.getMessage());
		}
	}

	/**
	 * 创建refreshToken
	 *
	 * @param userInfo 用户信息
	 * @return refreshToken
	 */
	private static TokenInfo createRefreshToken(UserInfo userInfo) {
		AgentUser user = userInfo.getAgentUser();
		Map<String, Object> param = new HashMap<>(16);
		param.put(TokenConstant.TOKEN_TYPE, TokenConstant.BEARER);
		param.put(TokenConstant.USER_ID, Func.toStr(user.getId()));
//		return SecureUtil.createJWT(param, "audience", "issuser", TokenConstant.REFRESH_TOKEN);
//		return SecureUtil.createToken(Kv.create().setAll(param), ACCESS_TOKEN_EXPIRY, "audience", "issuser");
		return SecureUtil.createToken(Kv.create().setAll(param), ACCESS_TOKEN_EXPIRY);
	}

	/**
	 * 判断租户权限
	 *
	 * @param tenant 租户信息
	 * @return boolean
	 */
	public static boolean judgeTenant(Tenant tenant) {
		if (tenant == null) {
			throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT);
		}
		if (StringUtil.equalsIgnoreCase(tenant.getTenantId(), BladeConstant.ADMIN_TENANT_ID)) {
			return false;
		}
		Date expireTime = tenant.getExpireTime();
		if (getTenantProperties().getLicense()) {
			String licenseKey = tenant.getLicenseKey();
			String decrypt = DesUtil.decryptFormHex(licenseKey, TenantConstant.DES_KEY);
			expireTime = JsonUtil.parse(decrypt, Tenant.class).getExpireTime();
		}
		if (expireTime != null && expireTime.before(DateUtil.now())) {
			throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
		}
		return false;
	}

	/**
	 * 获取租户配置
	 *
	 * @return tenantProperties
	 */
	private static BladeTenantProperties getTenantProperties() {
		if (tenantProperties == null) {
			tenantProperties = SpringUtil.getBean(BladeTenantProperties.class);
		}
		return tenantProperties;
	}

}
